linux-stable/drivers
Peter Hurley f8b1cc043c tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
commit 5c17c861a3 upstream.

ioctl(TIOCGETD) retrieves the line discipline id directly from the
ldisc because the line discipline id (c_line) in termios is untrustworthy;
userspace may have set termios via ioctl(TCSETS*) without actually
changing the line discipline via ioctl(TIOCSETD).

However, directly accessing the current ldisc via tty->ldisc is
unsafe; the ldisc ptr dereferenced may be stale if the line discipline
is changing via ioctl(TIOCSETD) or hangup.

Wait for the line discipline reference (just like read() or write())
to retrieve the "current" line discipline id.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
[bwh: Backported to 2.6.32: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2016-03-12 14:25:40 +01:00
accessibility
acpi ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled 2013-06-10 11:42:39 +02:00
amba
ata libata: increase the timeout when setting transfer mode 2015-09-18 13:52:17 +02:00
atm atm: idt77252: fix dev refcnt leak 2014-05-19 07:54:03 +02:00
auxdisplay
base devres: fix devres_get() 2015-12-06 00:49:07 +01:00
block cciss: Fix misapplied "cciss: fix info leak in cciss_ioctl32_passthru()" 2014-12-13 15:16:20 +01:00
bluetooth Bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close 2012-10-07 23:37:39 +02:00
cdrom drivers/cdrom/cdrom.c: use kzalloc() for failing hardware 2014-05-19 07:53:15 +02:00
char tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) 2016-03-12 14:25:40 +01:00
clocksource clocksource: sh_tmu: compute mult and shift before registration 2010-09-26 17:21:37 -07:00
connector proc connector: Delete spurious memset in proc_exit_connector() 2014-12-13 15:16:20 +01:00
cpufreq CPUFREQ: Remove cpufreq_stats sysfs entries on module unload. 2011-06-23 15:24:07 -07:00
cpuidle cpuidle: menu: fixed wrapping timers at 4.294 seconds 2011-06-23 15:24:04 -07:00
crypto crypto: padlock - Fix AES-CBC handling on odd-block-sized input 2010-12-09 13:27:10 -08:00
dca
dio
dma dmaengine: fix missing 'cnt' in ?: in dmatest 2015-09-18 13:52:19 +02:00
edac amd64_edac: Fix interleaving check 2011-01-07 14:43:06 -08:00
eisa
firewire firewire: ohci: fix race in AR split packet handling 2010-12-09 13:26:50 -08:00
firmware Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table" 2013-06-10 11:42:11 +02:00
gpio gpiolib: Actually set output state in wm831x_gpio_direction_output() 2010-03-15 08:49:57 -07:00
gpu drm/i915: Attempt to fix watermark setup on 85x (v2) 2012-10-07 23:37:12 +02:00
hid HID: core: Avoid uninitialized buffer access 2015-12-06 00:49:17 +01:00
hwmon hwmon: (f75375s) Fix automatic pwm mode setting for F75373 & F75375 2012-03-04 09:49:19 -08:00
i2c i2c: Fix error value returned by several bus drivers 2012-01-25 13:53:21 -08:00
ide block: add and use scsi_blk_cmd_ioctl 2012-01-25 13:53:24 -08:00
idle
ieee1394 headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
ieee802154 ieee802154: dont leak skbs in ieee802154_fake_xmit() 2009-11-19 13:16:21 -08:00
infiniband IB/core: Avoid leakage from kernel to user space 2015-05-24 10:10:52 +02:00
input Input: evdev - do not report errors form flush() 2015-12-06 00:49:09 +01:00
isdn ser_gigaset: fix deallocation of platform device structure 2016-01-29 22:12:53 +01:00
leds leds-gpio: fix default state handling on OF platforms 2010-04-01 15:58:53 -07:00
lguest lguest: fix out-by-one error in address checking. 2015-09-18 13:52:02 +02:00
macintosh windfarm: decrement client count when unregistering 2015-12-06 00:49:07 +01:00
mca
md md: use kzalloc() when bitmap is disabled 2015-12-06 00:49:01 +01:00
media usbvision fix overflow of interfaces array 2016-03-12 14:25:39 +01:00
memstick memstick: mspro_block: add missing curly braces 2015-09-18 13:52:00 +02:00
message mptfusion: Fix Incorrect return value in mptscsih_dev_reset 2011-03-02 09:46:33 -05:00
mfd mfd: wm831x: Feed the device UUID into device_add_randomness() 2012-10-07 23:41:23 +02:00
misc mmc: cb710 core: Add missing spin_lock_init for irq_lock of struct cb710_chip 2012-02-13 11:28:50 -08:00
mmc Revert "ARM: 7220/1: mmc: mmci: Fixup error handling for dma" 2012-02-03 09:26:51 -08:00
mtd mtd: cafe_nand: fix an & vs | mistake 2012-10-07 23:41:04 +02:00
net wan/x25: Fix use-after-free in x25_asy_open_tty() 2016-01-29 22:12:47 +01:00
nubus
of of: Remove nested function 2009-10-15 09:58:27 -06:00
oprofile oprofile: Fix locking dependency in sync_start() 2011-12-21 13:04:51 -08:00
parisc PARISC: led.c - fix potential stack overflow in led_proc_write() 2010-08-10 10:20:37 -07:00
parport sysctl: remove "struct file *" argument of ->proc_handler 2009-09-24 07:21:04 -07:00
pci intel-iommu: Flush unmaps at domain_exit 2014-05-19 07:53:13 +02:00
pcmcia Disable write buffering on Toshiba ToPIC95 2015-09-18 13:52:11 +02:00
platform thinkpad-acpi: module autoloading for newer Lenovo ThinkPads. 2011-11-07 12:32:44 -08:00
pnp PNP: fix "work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB" 2012-10-07 23:37:18 +02:00
power ds2760_battery: Fix calculation of time_to_empty_now 2011-02-17 15:37:02 -08:00
pps pps: events reporting fix up 2009-11-12 07:26:01 -08:00
ps3
rapidio
regulator regulator: Fix display of null constraints for regulators 2010-02-23 07:37:49 -08:00
rtc rtc: wm831x: Feed the write counter into device_add_randomness() 2012-10-07 23:41:22 +02:00
s390 qeth: avoid buffer overflow in snmp ioctl 2014-05-19 07:54:34 +02:00
sbus
scsi ses: fix additional element traversal bug 2016-01-29 22:12:52 +01:00
serial serial: samsung: wait for transfer completion before clock disable 2015-05-24 10:10:39 +02:00
sfi SFI: remove __init from sfi_verify_table 2009-10-03 01:16:12 -04:00
sh
sn
spi spi: fix parent-device reference leak 2016-01-29 22:12:54 +01:00
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-12-09 13:26:41 -08:00
staging staging: vt6655: device_rx_srv check sk_buff is NULL 2015-09-18 13:52:09 +02:00
tc
telephony telephony: ijx: buffer overflow in ixj_write_cid() 2013-06-10 11:42:57 +02:00
thermal acpi: thermal: Add EOL to the trip_point_N_type strings 2009-11-05 17:33:24 -05:00
uio Fix a few incorrectly checked [io_]remap_pfn_range() calls 2014-05-19 07:54:22 +02:00
usb USB: visor: fix null-deref at probe 2016-03-12 14:25:39 +01:00
uwb headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
video Fix a few incorrectly checked [io_]remap_pfn_range() calls 2014-05-19 07:54:22 +02:00
virtio virtio: set pci bus master enable bit 2011-03-07 15:17:55 -08:00
vlynq drivers/vlynq/vlynq.c: fix resource size off by 1 error 2009-09-24 07:21:05 -07:00
w1 w1: fix oops when w1_search is called from netlink connector 2013-06-10 11:42:42 +02:00
watchdog watchdog: hpwdt: clean up set_memory_x call for 32 bit 2012-03-17 11:14:51 +01:00
xen xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. 2012-01-25 13:53:20 -08:00
zorro
Kconfig
Makefile virtio: initialize earlier 2010-05-12 14:57:15 -07:00